CLAIMS 
What is claimed is 

1. A method of securely invoking an access control function, the method comprising the steps of:
    receiving a digital signature for the access control function;
    generating a mapping of the access control function to the digital signature;
    determining that the digital signature is mapped to the access control function based on the mapping when execution of the access control function is requested;
    determining whether an executable element matches the access control function based on the digital signature; and
    executing the executable element only when the executable element matches the access control function.

2. The method of Claim 1,
    wherein a particular class defines an implementation for the access control function;
    wherein the step of receiving a digital signature includes the step of receiving a digital signature for the particular class; and
    wherein the step of generating a mapping includes generating a mapping between the particular class and the digital signature.

3. The method of Claim 1,
    wherein the method further includes the step of detecting that an access control event has occurred; and
    wherein the step of retrieving the executable element is performed in response to detecting that the event has occurred.

4. The method of Claim 3,
    wherein the method further includes the steps of:
        generating a mapping between the access control event and the access control function;
        determining that the access control event is mapped to the access control function; and
    wherein the step of retrieving the executable element is performed in response to determining that the access control event is mapped to the access control function.

5. The method of Claim 4, further including the step of the executable element returning name-value pairs.

6. The method of Claim [illegible], wherein the step of the executable element returning name-value pairs includes the executable element returning a hash table that contains the name-value pairs.

7. The method of Claim 1, wherein the method further includes the steps of:
    generating a mapping of a plurality of access control functions to digital signatures, wherein the plurality of access control functions include the access control function, wherein one or more classes define an implementation for each of the plurality of access control functions; and
    wherein each of the one or more classes belong to a superclass.

8. The method of Claim 7, further including the step of invoking a routine defined by a superclass that collects data to return to a caller of the particular class.

9. The method of Claim 8, wherein the step of executing the executable element includes invoking a routine defined for the superclass.

10. The method of Claim 1, wherein the step of retrieving an executable element includes retrieving byte code.

11. The method of Claim 10, wherein the step of retrieving byte code includes retrieving Java byte code.

12. The method of Claim 1, wherein the step of retrieving an executable element includes a first computer system retrieving byte code transmitted via a local area network from a second computer system.

13. A computer-readable medium carrying one or more sequences of one or more instructions for securely invoking an access control function, the one or more sequences of one or more instructions including instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of:
    receiving a digital signature for the access control function;
    generating a mapping of the access control function to the digital signature;
    determining that the digital signature is mapped to the access control function based on the mapping when execution of the access control function is requested;
    determining whether an executable element matches the access control function based on the digital signature; and
    executing the executable element only when the executable element matches the access control function.

14. The computer-readable medium of Claim 13,
    wherein a particular class defines an implementation for the access control function;
    wherein the step of receiving a digital signature includes the step of receiving a digital signature for the particular class; and
    wherein the step of generating a mapping includes generating a mapping between the particular class and the digital signature.

15. The computer-readable medium of Claim 13,
    wherein the computer-readable medium further includes sequences of instructions for performing the step of detecting that an access control event has occurred; and
    wherein the step of retrieving the executable element is performed in response to detecting that the event has occurred.

16. The computer-readable medium of Claim 15,
    wherein the computer-readable medium further includes sequences of instructions for performing the steps of:
        generating a mapping between the access control event and the access control function;
        determining that the access control event is mapped to the access control function; and
    wherein the step of retrieving the executable element is performed in response to determining that the access control event is mapped to the access control function.



17. The computer-readable medium of Claim 16, further including sequences of instructions for performing the step of the executable element returning name-value pairs.

18. The computer-readable medium of Claim 17, wherein the step of the executable element returning name-value pairs includes the executable element returning a hash table that contains the name-value pairs.

19. The computer-readable medium of Claim 13, wherein the computer-readable medium further includes sequences of instructions for performing the steps of:
    generating a mapping of a plurality of access control functions to digital signatures, wherein the plurality of access control functions include the access control function, wherein one or more classes define an implementation for each of the plurality of access control functions; and
    wherein each of the one or more classes belong to a superclass.

20. The computer-readable medium of Claim 19, further including sequences of instructions for performing the step of invoking a routine defined by a superclass that collects data to return to a caller of the particular class.

21. The computer-readable medium of Claim 20, wherein the step of executing the executable element includes invoking a routine defined for the superclass.

22. The computer-readable medium of Claim 13, wherein the step of retrieving an executable element includes retrieving byte code.

23. The computer-readable medium of Claim 22, wherein the step of retrieving byte code includes retrieving Java byte code.

24. The computer-readable medium of Claim 13, wherein the step of retrieving an executable element includes a first computer system retrieving byte code transmitted via a local area network from a second computer system.

25. An access control system, comprising:
    a processor;
    a memory coupled to the processor;
    a first mapping that maps each of a set of access control functions to a digital signature of that access control function;
    the processor configured to retrieve an executable element in response to a request to execute a first access control function;
    the processor configured to determine whether the executable element matches the first access control function based on the digital signature; and
    the processor configured to execute the executable element when the executable element matches the first access control function.



26. The access control system of Claim 25,
    wherein the set of access control functions are each implemented in a class; and
    wherein the first mapping maps a class implementing one of the set of access control functions to a digital signature.

27. The access control system of Claim 25, further comprising:
    the processor configured to detect that an access control event has occurred; and
    the processor configured to retrieve the executable element in response to detecting that the event has occurred.

28. The access control system of Claim 27, further comprising:
    the processor configured to generate a mapping between the access control event and the access control function;
    the processor configured to determine that the access control event is mapped to the access control function; and
    the processor configured to retrieve the executable element in response to determining that the access control event is mapped to the access control function.

29. The access control system of Claim 28, wherein the executable element returns name-value pairs.

30. The access control system of Claim 29, wherein the executable element returns a hash table that contains the name-value pairs.



31. The access control system of Claim 25,
    wherein the processor is configured to generate a mapping of a plurality of access control functions to digital signatures;
    wherein the plurality of access control functions include the access control function, wherein one or more classes define an implementation for each of the plurality of access control functions; and
    wherein each of the one or more classes belong to a superclass.

32. The access control system of Claim 31, further comprising said processor configured to invoke a routine defined by a superclass that collects data to return to a caller of the particular class.

33. The access control system of Claim 32, wherein said processor is configured to execute the executable element by invoking a routine defined for the superclass.

34. The access control system of Claim 33, wherein said executable element is byte code.

35. The access control system of Claim 34, wherein said byte code includes Java byte code.
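
The flow recited in Claims 1, 3, 4 and 5 (signature mapping, event mapping, match check before execution, name-value result), sketched as an added example that is not part of the patent text or any implementation by its authors. Assumptions: HMAC-SHA256 with a shared key stands in for the digital signature because the Python standard library has no public-key signature primitive, Python source bytes stand in for byte code, and the names `AccessControlRegistry`, `sign`, `run`, `fetch` and the sample elements are hypothetical.

```python
import hashlib
import hmac

# Constructed key. HMAC-SHA256 stands in for the digital signature, so the
# verifier holds the signing key here; a public-key scheme would not need to.
SIGNER_KEY = b"constructed-demo-key"

def sign(element: bytes) -> bytes:
    return hmac.new(SIGNER_KEY, element, hashlib.sha256).digest()

class AccessControlRegistry:
    def __init__(self):
        self._signature_for = {}  # access control function -> signature
        self._function_for = {}   # access control event -> function

    def register(self, function, signature, event):
        self._signature_for[function] = signature
        self._function_for[event] = function

    def on_event(self, event, fetch, **context):
        # Retrieve the element only for an event mapped to a function.
        function = self._function_for.get(event)
        if function is None:
            raise LookupError(f"no function mapped to event {event!r}")
        return self.invoke(function, fetch(function), **context)

    def invoke(self, function, element, **context):
        expected = self._signature_for.get(function)
        if expected is None:
            raise PermissionError(f"no signature mapped to {function!r}")
        if not hmac.compare_digest(expected, sign(element)):
            raise PermissionError(f"element does not match {function!r}")
        namespace = {}
        exec(compile(element, function, "exec"), namespace)  # runs only after the match
        return dict(namespace["run"](**context))  # name-value pairs

# Constructed sample elements; Python source stands in for byte code.
GENUINE = b"def run(user):\n    return {'user': user, 'authorized': user == 'alice'}\n"
TAMPERED = GENUINE.replace(b"user == 'alice'", b"True")

def demo():
    registry = AccessControlRegistry()
    registry.register("authorize", sign(GENUINE), event="login")
    result = registry.on_event("login", lambda name: GENUINE, user="bob")
    try:
        registry.on_event("login", lambda name: TAMPERED, user="bob")
    except PermissionError as err:
        return result, str(err)
    return result, None
```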